Zoncolan: How Facebook uses static analysis to detect and prevent security issues
Facebook’s web codebase currently contains millions of lines of Hack code. To handle the sheer volume of code, we build sophisticated systems and tools to augment the comprehensive reviews our security engineers conduct. Today, we are sharing the details of one of those tools, called Zoncolan, for the first time.
Zoncolan helps security engineers scale their work by using static analysis to automatically examine our code and detect potentially dangerous security or privacy issues.